Block other domains pointing to our website IP address with .htaccess

How to block other domains pointing to our website IP address with .htaccess

Simply add the code below to .htaccess:

RewriteEngine on
# Match any Host header other than the canonical name (dots escaped; host names are case-insensitive)
RewriteCond %{HTTP_HOST} !^www\.mydomain\.com$ [NC]
# Permanently redirect to the canonical host, keeping the path and query string
RewriteRule ^/?(.*) http://www.mydomain.com/$1 [QSA,R=301,L]

This rule redirects to www.mydomain.com if another domain is pointing to our website or IP address.

 

CaptchaSecurityImages.php Error function imagettfbbox Debian 7

PHP GD has been installed.

Error: the security code image is not shown.

Solution:

Open and edit CaptchaSecurityImages.php

Change: "var $font = 'monofont.ttf';" to "var $font = './monofont.ttf';"

Save and restart apache2.

Note: On a CentOS server this works without any modification to the code.

 

Remove exim4 on Debian 7

Remove just the exim4 package itself on Debian 7 with the following command:

#apt-get remove exim4

Remove exim4 and its dependent packages on Debian 7 with the following command:

#apt-get remove --auto-remove exim4

Remove exim4 and delete its configuration and data files on Debian 7 with the following command:

#apt-get purge exim4

Remove exim4 and delete its configuration, data files and dependencies on Debian 7 with the following command:

#apt-get purge --auto-remove exim4

Postfix SMTP Relay Gmail Debian 7

Update Debian with the current updates using apt-get:

#apt-get update -y && apt-get upgrade -y

Remove exim4 and delete its configuration, data files and dependencies on Debian 7 with the following command:

#apt-get purge --auto-remove exim4

Make sure the postfix, libsasl2-modules and ca-certificates packages are installed and up to date:

#apt-get install postfix libsasl2-modules ca-certificates mailutils

Set Postfix to start on server boot:

#update-rc.d postfix defaults

To stop Postfix from starting on server boot:

#update-rc.d postfix disable

To enable Postfix to start on server boot again:

#update-rc.d postfix enable

During Postfix installation, a pop up will appear asking for configuration.

  • For “General type of mail configuration,” choose Internet Site.
  • For “System mail name,” insert the system hostname.
  • For any other question, choose default values.

Configuring Gmail SMTP Usernames and Passwords Authentication

Create or edit the password file:

#nano /etc/postfix/sasl_passwd

Add this line:

[smtp.gmail.com]:587 [email protected]:password

Create hash db file for Postfix by running the postmap command:

#postmap /etc/postfix/sasl_passwd

Securing Password and Hash Database Files.

The /etc/postfix/sasl_passwd and the /etc/postfix/sasl_passwd.db files created in the previous steps contain your SMTP credentials in plain text. For security reasons, change ownership and permissions to root for the two files:

#chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
#chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Next, set up the CA certificate to avoid running into certificate validation errors. Run the following command:

#cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem

On Debian 8

Thawte_Premium_Server_CA.pem does not exist on Debian 8, so we have to download it manually:

#cd /etc/ssl/certs
#wget https://www.thawte.com/roots/thawte_Premium_Server_CA.pem
#mv thawte_Premium_Server_CA.pem Thawte_Premium_Server_CA.pem
#cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem

Configure the relay server in the Postfix configuration file /etc/postfix/main.cf to use the external SMTP server.

#nano /etc/postfix/main.cf

Insert the following Gmail SMTP relay host line:

relayhost = [smtp.gmail.com]:587

Then, at the end of the file, add the following parameters to enable authentication:

# enable SASL authentication
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Save the changes and restart Postfix:

#service postfix restart

Send a test email to check that the relay works, using the mail command below:

echo "This is a test." | mail -s "test message" [email protected]

Check the logs for any Postfix errors on Debian

#tail -f /var/log/mail.log
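
The relay setup from the steps above can be checked with a small audit script. This is an added example, not part of the original guide; the function names are made up for illustration, and it assumes the file names and main.cf parameters used on this page (main.cf continuation lines are not handled).

```shell
#!/bin/sh
# Added example, not from the original guide: audit the Gmail relay setup.
# Run as root on the server:  sh audit_relay.sh /etc/postfix

# Print the value of one main.cf parameter (the last assignment wins).
# Simplification: continuation lines are ignored; on a live system
# `postconf -h <name>` is the authoritative answer.
maincf_value() {   # maincf_value <main.cf> <parameter>
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# Expect one main.cf setting; report a mismatch and mark the audit as failed.
expect_param() {   # expect_param <main.cf> <parameter> <expected value>
    got=$(maincf_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "CONFIG  $2 = '${got:-unset}', want '$3'"
    fail=1
}

audit_postfix_relay() {   # audit_postfix_relay [config dir] [owner uid]
    dir=${1:-/etc/postfix}
    uid=${2:-0}
    fail=0

    # The credential file and its postmap database: mode 0600, owned by root.
    for f in "$dir/sasl_passwd" "$dir/sasl_passwd.db"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; fail=1; continue
        fi
        meta=$(ls -ldn "$f" | awk '{ print substr($1, 1, 10), $3 }')
        if [ "$meta" != "-rw------- $uid" ]; then
            echo "WEAK    $f is '$meta', want '-rw------- $uid'"; fail=1
        fi
    done

    # postmap must be re-run after every edit of sasl_passwd.
    if [ "$dir/sasl_passwd" -nt "$dir/sasl_passwd.db" ]; then
        echo "STALE   sasl_passwd is newer than sasl_passwd.db"; fail=1
    fi

    # The relay and authentication settings from main.cf above.
    cf=$dir/main.cf
    expect_param "$cf" relayhost                  '[smtp.gmail.com]:587'
    expect_param "$cf" smtp_sasl_auth_enable      'yes'
    expect_param "$cf" smtp_sasl_security_options 'noanonymous'
    expect_param "$cf" smtp_sasl_password_maps    "hash:$dir/sasl_passwd"
    expect_param "$cf" smtp_use_tls               'yes'
    return "$fail"
}

# Audit only when a directory is given on the command line.
[ $# -eq 0 ] || audit_postfix_relay "$@"
```

The script prints one line per finding and returns non-zero if anything is wrong, so it can be run after each configuration change.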

Error and Troubleshooting

Port 25 open by iptables firewall

Make sure port 25 is accepted by the iptables firewall; see the article Install and Set Up Iptables Firewall on Centos 6.

Postfix Gmail SMTP Relay access denied

rcpt to: [email protected]
554 5.7.1 <[email protected]>: : Relay access denied

Your Google Account has been suspended

Hi vpshelpdesk,
Google has suspended your Account, [email protected], because of a violation of our Terms of Service.

Please follow the possible solution below; so far it is working for me.

Change the “allow less secure apps” setting to enable. This allows them to connect to the account again.
Insert and verify the account recovery email and phone.

If the Gmail SMTP relay is rarely used and the account is rarely signed in to, sometimes messages will no longer be delivered. Checking tail -f /var/log/maillog then shows the error below:

May 16 14:31:43 vpsheldesk.com postfix/smtp[1096]: D738BA40BE0: to=, relay=smtp.gmail.com[74.125.138.109]:587, delay=31, delays=0.01/0.04/31/0, dsn=4.7.14, status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.138.109] said: 534-5.7.14 Please log in via your web browser and?534-5.7.14 then try again.?534-5.7.14 Learn more at?534 5.7.14 https://support.google.com/mail/answer/78754 w190sm8732463ywa.39 - gsmtp)
Visit GMAIL HELP https://support.google.com/mail/answer/78754 and follow the instructions
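
To spot this failure without reading the log by eye, the delivery results can be classified with awk. This is an added example, not part of the original article; the function names and the sample log lines (host name, queue IDs, addresses and IPs) are constructed for illustration, in the format of the log entry quoted above.

```shell
#!/bin/sh
# Added example, not from the original article: triage Postfix delivery
# results for the Gmail relay from mail.log.

# Constructed sample lines (all identifiers below are made up).
sample_log() {
cat <<'EOF'
May 16 14:31:43 mail1 postfix/smtp[1096]: 4F2A9C01B7E: to=<user@example.org>, relay=smtp.gmail.com[192.0.2.10]:587, delay=31, delays=0.01/0.04/31/0, dsn=4.7.14, status=deferred (SASL authentication failed; server smtp.gmail.com[192.0.2.10] said: 534-5.7.14 Please log in via your web browser and then try again.)
May 16 14:40:02 mail1 postfix/smtp[1130]: 1A2B3C4D5E6: to=<user@example.org>, relay=smtp.gmail.com[192.0.2.10]:587, delay=1.9, delays=0.02/0.01/1.1/0.8, dsn=2.0.0, status=sent (250 2.0.0 OK 1463409602 x1sm123 - gsmtp)
May 16 14:45:10 mail1 postfix/smtp[1150]: 9F8E7D6C5B4: to=<user@example.org>, relay=none, delay=30, delays=0.01/0/30/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[192.0.2.10]:587: Connection timed out)
May 16 14:45:11 mail1 postfix/qmgr[901]: 9F8E7D6C5B4: from=<root@mail1>, size=312, nrcpt=1 (queue active)
May 16 14:50:30 mail1 postfix/smtp[1171]: 0C1D2E3F4A5: to=<user@example.org>, relay=mx.example.net[192.0.2.25]:25, delay=0.4, delays=0.01/0/0.2/0.2, dsn=5.7.1, status=bounced (host mx.example.net[192.0.2.25] said: 554 5.7.1 <user@example.org>: Relay access denied (in reply to RCPT TO command))
EOF
}

# Read mail.log lines on stdin; for every postfix/smtp delivery result print
#   <queue id> <dsn> <status> <verdict>
# verdict: ok | auth-rejected | relay-denied | network | other
triage_relay_log() {
    awk '
    $5 ~ /^postfix\/smtp\[/ && /status=/ {
        qid = $6; sub(/:$/, "", qid)
        dsn = "-"; status = "-"
        for (i = 7; i <= NF; i++) {
            if ($i ~ /^dsn=/)    { dsn = $i; sub(/^dsn=/, "", dsn); sub(/,$/, "", dsn) }
            if ($i ~ /^status=/) { status = $i; sub(/^status=/, "", status); break }
        }
        if (status == "sent")                            verdict = "ok"
        else if ($0 ~ /SASL authentication failed/)      verdict = "auth-rejected"
        else if ($0 ~ /Relay access denied/)             verdict = "relay-denied"
        else if ($0 ~ /Connection (timed out|refused)/)  verdict = "network"
        else                                             verdict = "other"
        print qid, dsn, status, verdict
    }'
}

# Queue IDs that Gmail refused to authenticate. These stay deferred until the
# account problem is fixed, so they are the ones worth alerting on.
auth_rejected_ids() {
    triage_relay_log | awk '$4 == "auth-rejected" { print $1 }' | sort -u
}

# Demo on the constructed sample; on a server use: triage_relay_log < /var/log/mail.log
sample_log | triage_relay_log
```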


Can’t sign in to my email app

If you’re using the wrong Gmail password on another email app, you might have these problems:

  • The app keeps asking for your username and password
  • You see an “invalid credentials” error message
  • You see a “web login required” error message

If you have these problems or can’t sign in, first check to make sure you’re using the right password.

Tip: Keep in mind that passwords are case-sensitive.

Troubleshoot sign-in problems

If you’re sure your password is right, try these tips:

  • If you’ve turned on 2-Step Verification for your account, you might need to enter an App password instead of your regular password.
  • Sign in to your account from the web version of Gmail at https://mail.google.com. Once you’re signed in, try signing in to the mail app again.
  • Visit http://www.google.com/accounts/DisplayUnlockCaptcha and sign in with your Gmail username and password. If asked, enter the letters in the distorted picture.
  • Your app might not support the latest security standards. Try changing a few settings to allow less secure apps access to your account.
  • Make sure your mail app isn’t set to check for new email too often. If your mail app checks for new messages more than once every 10 minutes, the app’s access to your account could be blocked.
  • Change your password according to our tips on creating a strong password.

Enable mod_rewrite Apache2 on Debian 7

mod_rewrite is installed by default with an Apache2 installation.

Verify the existence of /etc/apache2/mods-available/rewrite.load.

#cat /etc/apache2/mods-available/rewrite.load

LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

Enable and load mod_rewrite

#a2enmod rewrite

The above command will create a symbolic link in /etc/apache2/mods-enabled.

#ls -al /etc/apache2/mods-enabled/rewrite.load

lrwxrwxrwx 1 root root 30 Dec 7 05:26 /etc/apache2/mods-enabled/rewrite.load -> ../mods-available/rewrite.load

Then open and edit /etc/apache2/sites-available/default configuration. Replace every occurrence of “AllowOverride None” with “AllowOverride all”.

#vim /etc/apache2/sites-available/default

Finally, restart Apache2.

#service apache2 restart

Disable mod_rewrite Module in Apache2

To disable the module, use the a2dismod command:

#a2dismod rewrite

Finally, restart Apache2.

#service apache2 restart

Set up Iptables On Debian 7

Make sure Debian has been updated and upgraded:

#apt-get update && apt-get dist-upgrade

Then type the following rules in the terminal:

#iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
#iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
#iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
#iptables -I INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT

// add rules to allow traffic on your loopback interface:
#iptables -A INPUT -i lo -j ACCEPT
#iptables -A OUTPUT -o lo -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -P OUTPUT ACCEPT
#iptables -P INPUT DROP

List the iptables rules to check them:

#iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

iptables-persistent for Debian/Ubuntu
Since Ubuntu 10.04 LTS (Lucid) and Debian 6.0 (Squeeze) there is a package named “iptables-persistent” which takes over the automatic loading of the saved iptables rules. To do this, the rules must be saved in the file /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6 for IPv6. To use iptables-persistent, simply install the package:

#apt-get install iptables-persistent

The system will ask whether to save the iptables rules to /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6 for IPv6; choose Yes.

Save your rules by running:

#service iptables-persistent save
#service iptables-persistent restart

To flush your iptables rules (effectively disabling your firewall) and load them again, run:

#service iptables-persistent stop
#service iptables-persistent start
#service iptables-persistent restart

Done!

Faster way: just paste this on the console

/sbin/iptables -F && /sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP && /sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP && /sbin/iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP && /sbin/iptables -I INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT && /sbin/iptables -A INPUT -i lo -j ACCEPT && /sbin/iptables -A OUTPUT -o lo -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT && /sbin/iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT && /sbin/iptables -P OUTPUT ACCEPT && /sbin/iptables -P INPUT DROP

Next!!

#apt-get install iptables-persistent

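iptables-save

The iptables rules above apply to IPv4 only; the IPv6 ruleset is managed separately with the ip6tables commands.

#/sbin/iptables-save > /etc/iptables/rules.v4
#/sbin/ip6tables-save > /etc/iptables/rules.v6

iptables-restore

#/sbin/iptables-restore < /etc/iptables/rules.v4
#/sbin/ip6tables-restore < /etc/iptables/rules.v6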
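
Once the rules are saved, /etc/iptables/rules.v4 can be reviewed against the services the server really offers. The script below is an added example, not part of the original article; the function names are made up, the sample ruleset is constructed from the rules above, and port ranges and multiport matches are not handled.

```shell
#!/bin/sh
# Added example, not from the original article: review a saved IPv4 ruleset.

# Constructed sample: roughly what iptables-save emits for the rules above.
sample_rules_v4() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Default policy of a built-in chain, e.g. "DROP" (ruleset on stdin).
chain_policy() {   # chain_policy <chain>
    awk -v c=":$1" '$1 == c { print $2; exit }'
}

# TCP destination ports that INPUT accepts from any source, one per line.
open_tcp_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        port = ""; tcp = 0; accept = 0; limited = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p" && $(i+1) == "tcp")    tcp = 1
            if ($i == "--dport")                  port = $(i+1)
            if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            if ($i == "-s" || $i == "-i")         limited = 1  # bound to a source or interface
        }
        if (tcp && accept && port != "" && !limited) print port
    }' | sort -nu
}

# Open ports that are not on the allowlist given as arguments (ruleset on stdin).
unexpected_ports() {   # unexpected_ports <port>...
    allowed=" $* "
    open_tcp_ports | while read -r p; do
        case $allowed in *" $p "*) ;; *) echo "$p" ;; esac
    done
}

# Demo on the constructed sample; on a server use:
#   unexpected_ports 22 25 80 443 < /etc/iptables/rules.v4
sample_rules_v4 | unexpected_ports 22 25 80 443
```

Every port the script prints is reachable from anywhere; if no service on the host needs it, the matching ACCEPT rule can be dropped before saving the rules.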

Install Apache Mysql Php on Debian 7

Install aptitude:

#apt-get install aptitude

Update and upgrade the system to the current version:

#aptitude update && aptitude safe-upgrade

Or update the Debian system with the apt-get command:

#apt-get update && apt-get upgrade

Install Apache

#apt-get install apache2

Install mysql server

#apt-get install mysql-server

Finish up by running the MySQL set up script:

#mysql_secure_installation

Install PHP

#apt-get install php5 && apt-get install php-pear && apt-get install php5-mysql && apt-get install php5-gd

Finish up by restarting apache:

#service apache2 restart

Error

Could not reliably determine the server’s fully qualified ***. Solved by adding ServerName localhost at the end of /etc/apache2/apache2.conf:

ServerName localhost

Enable and load mod_rewrite Apache2 on Debian 8

#a2enmod rewrite

Then open and edit /etc/apache2/apache2.conf and find:

Options Indexes FollowSymLinks
AllowOverride All
Require all granted

Replace “AllowOverride None” with “AllowOverride All”.

Enable Apache2 mod_headers & mod_expires on

To increase PageSpeed: Leverage browser caching.

Enable mod_headers:

#a2enmod headers
Enabling module headers
To activate the new configuration, you need to run:
service apache2 restart

Enable mod_expires:

#a2enmod expires
Enabling module expires
To activate the new configuration, you need to run:
service apache2 restart

Then restart Apache server to make these changes effective

#service apache2 restart

Enable apache mod_rewrite for seo user friendly url CentOS 6

The mod_rewrite module is enabled by default in the httpd configuration on CentOS 6. Check that the mod_rewrite.so module has been installed and activated in the httpd configuration:

#cat /etc/httpd/conf/httpd.conf | grep mod_rewrite
LoadModule rewrite_module modules/mod_rewrite.so

** If the line is commented out (#), remove the leading #.

Enable .htaccess File for seo user friendly

Once the mod_rewrite module has been activated, you can set up your URL rewrites by creating an .htaccess file in your default document root directory.

A .htaccess file allows us to modify our rewrite rules without accessing server configuration files. For this reason, .htaccess is critical to your web server. Before we begin, we need to allow Apache to read .htaccess files located under the /var/www/html directory.

You can do this by editing the httpd.conf file:

#vi /etc/httpd/conf/httpd.conf

Find the section <Directory /var/www/html> and change AllowOverride None to AllowOverride All. There are 2 AllowOverride None entries that must be changed to AllowOverride All.

<Directory /var/www/html>
AllowOverride All
</Directory>

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#

Save and exit.

Now restart Apache to put the change into effect:

#service httpd restart

Install Nginx MariaDB PHP-FPM on CentOS 6

How to install Nginx web server, MariaDB and PHP-FPM

To avoid any conflict when the NGINX service starts, make sure the Apache service has already been removed (if present). We can remove the Apache service as follows.

Shut down the Apache service (if running):

#service httpd stop

Remove Apache from boot cycle, so that it does not start up again on boot

#chkconfig httpd off

Remove Apache package

#yum remove httpd

UPDATE EPEL REPOSITORY

NGINX is available as a package for CentOS 6 from the EPEL repository, but first we should set up the EPEL repository, which we can install as follows:

#yum install epel-release

Install Nginx using yum

#yum install nginx

To get NGINX running type:

#/etc/init.d/nginx start

We can check that nginx has been installed by opening a browser and going to http://ipaddress

Configure the server to start NGINX on server boot:

#chkconfig nginx on

Install MariaDB

Install MariaDB from a repository using yum. Before installing, make sure the CentOS packages are up to date:

#yum -y update

Then add the MariaDB repository

#vi /etc/yum.repos.d/MariaDB.repo

Insert this custom MariaDB 10.1 Stable YUM repository for CentOS 6 (64 Bit).

# MariaDB 10.1 CentOS repository list - created 2016-07-03 19:01 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

*** For the complete list of custom MariaDB repositories by Linux system version, please visit https://downloads.mariadb.org/mariadb/repositories/

Install MariaDB with yum

#yum install MariaDB-server MariaDB-client -y

Start MariaDB and set to start on every boot.

#service mysql start
#chkconfig mysql on

Secure your MariaDB installation with the following checklist:

  • Set (change) the root password.
  • Remove anonymous users.
  • Disallow root login remotely.
  • Remove the test database and access to it.
  • Reload the privilege tables.

Run the secure installation command:

#mysql_secure_installation
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: ENTER YOUR PASSWORD
Re-enter new password: REPEAT YOUR PASSWORD
Password updated successfully!
Reloading privilege tables..
... Success!
Remove anonymous users? [Y/n] y
... Success!
Disallow root login remotely? [Y/n] y
... Success!
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
Thanks for using MariaDB!

Restart MariaDB.

#service mysql restart

INSTALL PHP-FPM

The php-fpm package is located within the REMI repository, which, at this point, is disabled. The first thing we need to do is enable the REMI repository and install php and php-fpm:

#wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
#rpm -Uvh remi-release-6.rpm

Enable the REMI repository by editing the file remi.repo.
Find the lines with enabled=0 and change all of them to 1 to enable the REMI repository.

#vi /etc/yum.repos.d/remi.repo
[...]
enabled=1
[...]

Then we can install php and php-fpm as follows:

#yum install php-fpm php-mysql

Start php-fpm and set its processes to run automatically when the server boots:

#service php-fpm start
#chkconfig php-fpm on

CONFIGURE PHP

We need to make one small change in the php.ini configuration.
Find the line cgi.fix_pathinfo=1 and change the 1 to 0:

#vi /etc/php.ini
cgi.fix_pathinfo=0

If this value is kept at 1, the PHP interpreter will do its best to process the file that is as near to the requested file as possible. This is a possible security risk. If it is set to 0, conversely, the interpreter will only process the exact file path, a much safer alternative. Save and exit.

CONFIGURE NGINX

Open up the default nginx config file, raise the number of worker processes to 4, then save and exit that file.

#vi /etc/nginx/nginx.conf
[...]
worker_processes  4;
[...]

Nginx already comes with a default configuration to use php-fpm. Open the /etc/nginx/conf.d/default.conf file and look for the following lines.

#vi /etc/nginx/conf.d/default.conf
# The default server
server {
    listen       80;
    server_name example.com;
 
    location / {
        root   /usr/share/nginx/html;
        index index.php  index.html index.htm;
    }
 
    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root           /usr/share/nginx/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}

Here are the details of the changes:

  • Add index.php within the index line.
  • Change the server_name to your domain name or IP address (replace the example.com in the configuration)
  • Change the root to /usr/share/nginx/html;
  • Uncomment the section beginning with “location ~ \.php$ {“,
  • Change the root to access the actual document root, /usr/share/nginx/html;
  • Change the fastcgi_param line to help the PHP interpreter find the PHP script that we stored in the document root home.
  • Save and Exit

Open up the php-fpm configuration, replace the apache in the user and group with nginx:

#vi /etc/php-fpm.d/www.conf
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

Finish by restarting php-fpm.

#service php-fpm restart

CHECK RESULTS:
Create a php info page and add in the following line:

#vi /usr/share/nginx/html/info.php
<?php
phpinfo();
?>

Then save and exit.
Restart nginx so that all of the changes take effect:

#service nginx restart

We can check that NGINX, MySQL and PHP have been installed successfully by opening a browser and going to http://ipaddress/info.php

Set Up nginx, mysqld, php-fpm Autostart on reboot

#chkconfig --levels 235 mysql on
#chkconfig --levels 235 nginx on
#chkconfig --levels 235 php-fpm on

How to install Linux Httpd web server, MariaDB and PHP on CentOS 6